Mailing-List: contact new-httpd-help@apache.org; run by ezmlm
Precedence: bulk
Reply-To: new-httpd@apache.org
Date: Mon, 8 May 2000 14:40:01 -0700 (PDT)
From: Greg Stein <gstein@lyra.org>
To: new-httpd@apache.org
Subject: Re: location of md5, sha1, base64, and validate_password
In-Reply-To: <3916E573.F89A7459@algroup.co.uk>
Message-ID: <Pine.LNX.4.10.10005081435330.18798-100000@nebula.lyra.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Mon, 8 May 2000, Ben Laurie wrote:
> Greg Stein wrote:
>...
> > Ronald points out that the md5/sha1/base64 functions have no more
> > system-specific code in them (they layer on top of APR). Therefore, they
> > don't need to go into APR.
>...
> To quote from my FreeBSD manual pages:
> 
> MD5(3)                 FreeBSD Library Functions Manual                
> MD5(3)
> 
> NAME
>      MD5Init, MD5Update, MD5Final, MD5End, MD5File, MD5Data - calculate
> the
>      RSA Data Security, Inc., ``MD5'' message digest
> 
> So ... does every platform support MD5 in a native library?

Woah. Cool.

And that's a rhetorical question. You already know that every platform
doesn't have the MD5 functionality :-)

The question is whether our MD5 functions would be covers for the OS
functions, or whether we would just go ahead and continue to use our own.
It isn't like these functions are rocket science and we'd gain something
form using the OS.

So... *if* we were to use the OS functions rather than our own, then yes:
I'd agree that the MD5 functions would go into APR so it could make the
appropriate platform-specific choice.


That said: -1 on using OS-provided MD5 functions. That will increase
config and code complexity with very little benefit (we save some bytes of
code on a couple platforms). In other words, we'd complicate the system
for all platforms to save bytes on a small few. Not worth it.

[ and as a corollary: I'm still +1 on moving MD5/validate_password to
  Apache and -0 on moving SHA1/base64 into APR ]

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/